On Tue, 2018-03-13 at 14:40 -0500, Eric W. Biederman wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> writes:
>
> > For local filesystems, the kernel prevents files being executed from
> > being modified. With IMA-measurement enabled, the kernel also emits
> > audit "time of measure, time of use" messages for files opened for
> > read, and subsequently opened for write.
> >
> > Files on fuse are initially measured, appraised, and audited. Although
> > the file data can change dynamically any time, making re-measuring,
> > re-appraising, or re-auditing pointless, this patch set attempts to
> > differentiate between unprivileged non-init root and privileged
> > mounted fuse filesystems.
>
> Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
>
> Overall ack on the way this is put together.

Thank you!

Mimi